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-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH (S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

• If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)13 Responsive to communication(s) filed on 19 December 2001 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) 03 Claim(s) 1-16 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) [2 Claim(s) 1-16 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) (3 The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 19 December 2001 is/are: a)D accepted or b)£3 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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Drawings 

The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they 
include the following reference character(s) not mentioned in the description: Fig. 2, elements 
240 and 290. Please review elements in the figures and the disclosure in order to ensure that all 
elements appearing in the figures are also described in the specification. Corrected drawing 
sheets in compliance with 37 CFR 1. 121(d), or amendment to the specification to add the 
reference character(s) in the description in compliance with 37 CFR 1 . 121(b) are required in 
reply to the Office action to avoid abandonment of the application. Any amended replacement 
drawing sheet should include all of the figures appearing on the immediate prior version of the 
sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing 
date of an application must be labeled in the top margin as either "Replacement Sheet" or "New 
Sheet" pursuant to 37 CFR 1 . 121(d). If the changes are not accepted by the examiner, the 
applicant will be notified and informed of any required corrective action in the next Office 
action. The objection to the drawings will not be held in abeyance. 

Specification 

The abstract of the disclosure is objected to because references are made to various figure 
elements. The numeral reference should be deleted. Correction is required. See MPEP 
§ 608.01(b). 



Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 
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The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claims 1-16 are rejected under 35 U.S.C. 1 12, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 
As per claims 1 and 9: 

Claims 1 and 9 recite the limitation "the signature certificate" in line 5. There is 
insufficient antecedent basis for this limitation in the claim. In order to treat these claims based 
on their merits, it is presumed that applicants intended to refer to the "user signature certificate" 
that was previously introduced in line 4. 
As per claim 8: 

As presently stated, claim 8 is a method claim that depends on a computer program claim 
1 1 , hence claim 8 has a different statutory class than its parent claim 11. It is unclear whether 
this dependency is an error. In order to further treat this claim on its merits, it is presumed that 
applicants intended to have claim 8 dependent on claim 1 as opposed to claim 11, since claim 1 1 
is presented later. 
As per claims 2-7 and 10-16: 

These claims are rejected by virtue of their dependency. 

Claim Rejections - 35 USC § 103 
I. The following is a quotation of 35 U.S.C 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
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such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

II. Claims 1-16 are rejected under 35 U.S.C. 103(a) as being unpatentable over Muftic, 

United States Patent No. 5,943,423, and further in view of Burn, United States Publication No. 

2003/0005291. 

As per claim 1 : 

Muftic teaches a method for assigning certificates/private keys to a token, comprising: 
accessing the token through a token reader connected to a computer system (fog. 3, elements 350 
and 360) by a certificate/private key authority (col. 5, lines 23-47); reading a token ID and a user 
signature certificate from the token (col. 5, lines 33-47 and col. 15, lines 42-50); searching for a 
match for the token ID and the signature certificate in an authoritative database (col. 15, lines 51- 
57; reference to U.S. Patent No. 5745,574); creating a certificate and digitally signing the 
certificate/private key using a signature certificate of the certificate authority (col. 15, lines 58- 
61). Not explicitly disclosed by Muftic is creating the certificate, wherein the certificate is 
wrapped with a public key associated with the token ID; downloading the certificate/private key 
to the token; and decrypting the certificate/private key using a private key stored in the token. 

However, Burn teaches wrapping the certificate with a public key associated with the 
token ID, as well as downloading the certificate to the token and decrypting it with the private 
key stored in the token. Therefore, it would have been obvious to a person in the art at the time 
the invention was made to modify the method disclosed in Muftic to encrypt the certificate with 
a public key associated with the private key on the token and downloading/decrypting the 
certificate in order to create an association between the user's token and the certification 
authority. This modification would have been obvious because a person having ordinary skill in 



Application/Control Number: 10/027,622 Page 5 

Art Unit: 2133 

the art, at the time the invention was made, would have been motivated to do so since it is 
suggested by Burn in par. 44. 
As per claim 2: 

Muftic and Burn substantially teach the method recited in claim 1 above. Furthermore, 
Burn discloses the method, wherein the certificate/private key is a plurality of certificates/private 
keys that at least one certificate/private key is a signature certificate for the user and encryption 
certificate/private key for the user (par. 44). Not explicitly disclosed by Muftic and Burn is the 
method role certificate/private key for the user. However, Burn teaches user distinct certificates 
which also encompass other employee information. Therefore, it would have been obvious to a 
person in the art at the time the invention was made to modify the method disclosed in Muftic to 
use the employee information requested from the user in order to create a user role certificate. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since it is suggested by 
Burn in par. 41, lines 1-12. 
As per claim 3: 

Muftic and Burn substantially teach the method recited in claim 2 above. Furthermore, 
Burn teaches the method wherein the wrapping of the certificate with the public key of the token 
encrypts the certificate (par. 44, lines 7-21). 
As per claim 4: 

Muftic and Burn substantially teach the method recited in claim 3 above. Furthermore, 
Burn teaches the method, wherein the token is a smart card (par. 31). 
As per claim 5: 
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Muftic and Burn substantially teach the method recited in claim 4 above. Furthermore, 
Burn teaches the method wherein the token ID is assigned by a token manufacturer at the time 
the token is created (par. 33 and 35-36) and stored in the authoritative database when assigned to 
a user (par. 44). 
As per claim 6: 

Muftic and Burn substantially teach the method recited in claim 5 above. Furthermore, 
Burn teaches the method wherein downloading the certificate/private key to the token is done 
through an unsecured communications line (par. 34 and par. 48). 
As per claim 7: 

Muftic and Burn substantially teach the method recited in claim 6 above. Furthermore, 
Burn teaches the method wherein decrypting the certificate/private key using a private key stored 
in the token requires the entry of a pass phrase by a user. Burn teaches the method of having a 
user PIN in order to access the certificate which is what allows access to decrypt messages 
received, the first of which contains the certificate of the server (fig. 5, elements 140 and 150). 
As per claim 8: 

Muftic and Burn substantially teach the method recited in claim 1 above. Furthermore, 
Muftic teaches the method further comprising: authenticating, by the signing of the 
certificate/private key using a signature certificate of the certificate authority, that the 
certificate/private key was issued by the certificate authority (col. 15, lines 57-64). 
As per claims 9-16: 

Muftic and Burn substantially teach the method for carrying out the steps of a computer 
program embodied on a computer readable medium and executable by a computer for assigning 
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certificates/private keys to a token, comprising: accessing the token through a token reader 
connected to a computer system by a certificate authority; reading a token ID and a user 
signature certificate from the token; searching for a match for the token ID and the signature 
certificate in an authoritative database; creating a certificate, wherein the certificate is wrapped 
with a public key associated with the token ID and digitally signing the certificate/private key 
using a signature certificate of the certificate authority; downloading the certificate/private key to 
the token; and decrypting the certificate/private key using a private key stored in the token as 
shown in claim 1 . Therefore, claim 9 is rejected based on the fact that it carries out the same 
steps as the method claim as rejected in claim 1 . 

Furthermore, Muftic and Burn teach the limitations in each of the dependent claims 10-16 
as applied to the rejected method claims 2-8 above. Therefore, claims 10-16 are rejected based 
on the fact that the program executes the steps identical to the method claims as rejected above. 

^References Cited, Not Used 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

1. U.S. Patent No. 6,003,014 

2. U.S. Patent No. 6,460,138 

3. U.S. Patent No. 5,721,781 

4. U.S. Pub. No. 2002/0026578 

The above references have been cited because they are relevant due to the manner in which the 
invention has been claimed. 
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Conclusion 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on (571) 272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Nadia Khoshnoodi 
Examiner 
Art Unit 2133 
3/7/2005 
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